Keeping Up with Terminal Services - 09 May 2001

SMB Signing Bug Can Interfere with TSAdmin Tool When you enable Server Message Block (SMB) Signing on Windows 2000 Server Terminal Services servers, and you use the Terminal Services Manager (TSAdmin) utility to administer the Terminal Services servers, TSAdmin could hang after connecting to multiple servers. According to Microsoft article Q291041, the redirector doesn't correctly process communication requests when you enable SMB Signing. See the article to learn how to get a fix or how to disable SMB Signing.

Postscript Printer Might Not Print Duplex Even if the Setting Is Specified in the PPD File When you print from a Windows NT Server 4.0, Terminal Server Edition (TSE) server to some PostScript printers, you might have to manually set the Duplex option in the UI even if the PostScript Printer Description (PPD) file specifies the duplex option. See the article to learn how to update the printer settings or (for some printers) use the updated PostScript driver.

Security Breach: WebDAV Service Provider Lets Scripts Levy Requests as a User The Microsoft Data Access Component (MDAC) Internet Publishing Provider provides access to Web Distributed Authoring and Versioning (WebDAV) resources over the Internet. Although it should differentiate between user requests and script requests from the user's browser, an implementation flaw makes WebDAV handle all requests in the security context of the user. If a user opens a Web page or HTML email message that contains script, the script can access Web-based resources as the user—with all the user's permissions and network rights. This vulnerability can't be exploited against standalone computers and won't work if Active Scripting is disabled. See Microsoft article Q296441 for more information.

"Status_Unexpected_Network_Error" Error Message from Redirector to Terminal Services Client Sessions According to Microsoft article Q272127, during a Terminal Services client session on a Win2K terminal server, you might receive one of the following error messages when you try to gain access to a file on a mapped drive:

Microsoft hasn't indicated what causes the problem, but the company has issued a fix.

Installing Services for UNIX 2.0 NIS in a Peer Domain Generates Error If you install Win2K and create a new domain in a new forest, then install Network Information Service (NIS) on the domain controller (DC), the install succeeds and NIS works correctly. If you later add a second domain to the same forest, the NIS install fails with error 26065. According to Microsoft article Q289747, some Active Directory (AD) entries aren't structured the way the install script expects. See the article to learn how to get and install a fix.

How To Set a Default Autocreated Printer with TSE and MetaFrame If you run TSE and Citrix MetaFrame on a terminal server and fight with printer-driver incompatibilities for client-side mapped printers, see Microsoft article Q221509 to learn how to substitute the drivers on the terminal server for working driver without changing the driver on the client machine.

Bookman Blue Screen According to Microsoft article Q237424, using the Bookman Old Style font on Terminal Services or TSE servers can lead to blue-screen errors in video memory. See the article for more information about the wording of the errors and to learn how to get a fix.

Description of Performance Options in Win2K If you're looking for a description of how performance varies between Win2K in Application Server mode and Win2K in Remote Administration mode (or without Terminal Services installed), see Microsoft article Q259025 to learn how the OS prioritizes applications in their contention for CPU cycles.

Can't Load Roaming Profile When you use roaming profiles and log on to both Win2K-based and NT 4.0-based clients, the roaming profile might include the ntuser.pol file with a .tmp extension (e.g., Ntuser.pol.tmp). According to Microsoft article Q271518, NT 4.0 adds a .tmp extension to the filename because it doesn't expect to find the system and hidden attributes set on ntuser.pol, and the system can't load the profile.

Terminal Services Home Folder has Incorrect Permissions for NT 4.0 Target Server When you use the Microsoft Management Console (MMC) AD Users and Computers snap-in to specify a Terminal Services home folder, Windows automatically creates the home folder for you. If you have an NT 4.0-based server, you won't have access to the folder because the system incorrectly assigns NTFS permissions. See Microsoft article Q289677 to learn how to get a fix for this problem.

Program Running in a Terminal Server Session Could Hang A program running in a TSE terminal server session could hang if a thread in win32k.sys enters an endless loop while it's looking for a window. The program's kernel time will be high and continue to increase because the thread is almost always actively running in the kernel. See Microsoft article Q291815 to see how to get a fix (this fix, incidentally, requires that you install Service Pack 6—SP6).

Debugging User Profiles and System Policies in NT 4.0 You can configure TSE to maintain a log file of roaming profile and system policies. See Microsoft article Q154120 to learn how to edit the registry to begin logging and how to read the log.

Clipboard Data Not Available After Reconnecting to Terminal Server If you copy text into the Clipboard in a Terminal Services client session, the text won't be available after you disconnect from and reconnect to the terminal server. Microsoft article Q217885 says that terminal server doesn't copy the actual data to the client computer's Clipboard; it copies a list of formats in which the data can be copied. When a program on the client computer requests the data, the client computer pulls the data from the server. If the client computer disconnects, the data is no longer available.

Can't Install SP6 with High-Encryption IE If you attempt to install the standard-encryption (i.e., 56-bit) version of NT 4.0 SP6 on a TSE terminal server that runs Microsoft Internet Explorer (IE) High Encryption Pack or IE 5.5, an error message will tell you that you can't install the service pack and that you need the High Encryption version. See Microsoft article Q250867 to learn how to edit the installation file.

Error Message Might Occur When You Add User Names in Win2K When you attempt to add users or computers to a Win2K computer, an error message might tell you that the name you selected is already in use. This issue can occur because Win2K restricts several pre-Win2K user, computer, and trust-relationship names. See Microsoft article Q266633 for a list of affected names.

NonDefault Printer Properties Aren't Reflected in a Terminal Services Redirected Printer When a Terminal Services client connects to a Terminal Services session, the session automatically creates a redirected printer that doesn't reflect the configured paper size on the client computer if it isn't the default paper size. According to Microsoft article Q291251, RDP doesn't have a mechanisms for passing printer settings from client to server.

Terminal Services Licensing Server Required for Terminal Services Clients Although Win2K Professional comes with a Terminal Server Client Access License (TSCAL), you still need a Terminal Service licensing server to use Terminal Services. Otherwise, the terminal server will stop accepting connections. See Microsoft article Q291807 for more details.

Terminal Server Client Licensing Information Isn't Encrypted in Network Packets When you use Network Monitor to trace RDP traffic from a Terminal Services client to a Terminal Services server, the Terminal Services client licensing information isn't encrypted in the network packets. According to Microsoft article Q295080, Microsoft is researching the problem and will post more information as it becomes available.

John Savill's Hyper-V Master Class

Join John Savill for 12 hours of comprehensive Hyper-V training. This master-level online training course will explore all the key aspects of a Hyper-V based virtualization environment covering both current capabilities in Windows Server 2012 R2 and looking at the future with Windows Server vNext.